CN101710879B - Novel identity-based privacy enhanced mail forwarding system - Google Patents
Novel identity-based privacy enhanced mail forwarding system Download PDFInfo
- Publication number
- CN101710879B CN101710879B CN2009100006967A CN200910000696A CN101710879B CN 101710879 B CN101710879 B CN 101710879B CN 2009100006967 A CN2009100006967 A CN 2009100006967A CN 200910000696 A CN200910000696 A CN 200910000696A CN 101710879 B CN101710879 B CN 101710879B
- Authority
- CN
- China
- Prior art keywords
- user
- private key
- privacy enhanced
- system parameters
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a novel identity-based privacy enhanced mail forwarding system, which belongs to the field of communication. A method comprises the following steps of: selecting system parameters according to system security requirements, and generating a system master private key (namely the private key of a private key generation center PKG); receiving a user registration application by the PKG, and generating a private key for a user according to an e-mail address selected by the user; generating a first-stage encrypted e-mail according to the e-mail address of the user; generating a re-encrypted private key according to the system parameters; generating a second-stage encrypted e-mail according to the first-stage encrypted e-mail and the re-encrypted private key, and forwarding the second-stage encrypted e-mail; and decrypting the first-stage or the second-stage encrypted e-mail according to the private key of the user. The novel identity-based privacy enhanced mail forwarding system is realized on the basis of the bilinear pairing defined on an elliptic curve, uses a novel random filling mode to ensure the non-scalability of a cipher text, and enhances the security of the first-stage and the second-stage encrypted e-mails.
Description
Technical field
The present invention relates generally to be used for encryption, re-encryption, forwarding and the deciphering of mailing system, more particularly, relate to use and act on behalf of the re-encryption system as the cryptography instrument and then realize the forwarding of privacy enhanced mail based on identity.
Terminological interpretation
The implication of privacy enhanced mail: Mail Contents is through encrypting.
Implication based on identity: encryption key is exactly targeted mails address itself (Just because of this, this system does not need PKIX PKI), generates for each registered user but decruption key then generates center (PKG) by a private key trusty.
The implication that privacy enhanced mail is transmitted: be the privacy enhanced mail of issuing user A (such as manager) originally, (such as going on business etc.) for some reason, A has no time to attend to deciphering and handle this mail; But A has opened automatic forwarding service before this, hopes that oneself secret mail is transmitted to another one user B (such as the assistant manager) to be handled.Simultaneously, there is following requirement in this system:
The first, A does not hope directly to give B with the decruption key of oneself, does not hope that decruption key is acted on behalf of in generation to B yet;
The second, this mail must be still with the forwarded in form of certain ciphertext;
The 3rd, this forwarding work down can be accomplished by one and half trust authority (such as secretary or the mail server itself of A), and this half trust authority is called acts on behalf of Proxy.
Background technology
1984, shamir proposed the thought of public key encryption (IBE) system based on identity, and its core purpose is exactly to remove the dependence that public base is provided with PKI.
1998, people such as Barak proposed to act on behalf of the imagination of re-encryption (PRE), and its core objective is exactly to convert the ciphertext of user A the ciphertext of user B into by the one and half believable Proxy of mechanism, thereby user B can directly decipher with the private key of oneself.Act on behalf of the re-encryption requirement and carry out the ciphertext corresponding plaintext information that the Proxy of this conversion work can not or be changed, can not know the private key information of A or B.Therefore, deciphering the approach of encrypting with the PKI of B again with the private key of A earlier is invalid realization.
Calendar year 2001, people such as Boneh have designed the encipherment scheme based on identity of first highly effective based on bilinearity pairing.
2007, people such as Green designed the re-encryption scheme of acting on behalf of based on identity.
Under such background, we propose the present invention just.Be intended to propose a kind of privacy enhanced mail retransmission method and system based on identity.
Summary of the invention
The embodiment of the invention provides a kind of privacy enhanced mail retransmission method and system based on identity.Said technical scheme is following:
(1) requires the selective system parameter according to security of system, and generate the PKG desired parameters according to said system parameters<g
1, G
2, ê, h, H, p, q, P, P
0, s>, comprise two work crowd G
1(generator P) and G
2, (definition is from G for bilinear mappings ê
1* G
1To G
2On), crash-resistant Hash function h, Map-to-point function H, big prime number p and q, main private key s and the PKI P thereof of PKG
0
(2) user registers own addresses of items of mail ID at the PKG place
U, confirm user's true identity to generate pairing decruption key then through the physics mode of off-line, the mode of the safety through off-line sends to the user again;
(3) user x sends mail and gives A, at first obtains the addresses of items of mail ID of A
A, the PKI of calculating A is contacted the back to the random digit of Mail Contents and generation with sending behind the public key encryption.
(4) the user A password mail of hoping to issue oneself is transmitted to intrasystem another one user B and goes to handle, and user A also will send to one and half trust authority Proxy to this key according to the PKI generation re-encrypted private key of own private key and user B.
(5) after certain user A in the system opened mail forwarding service, the secret mail of every A of issuing all directly was transmitted to Proxy (the for example secretary of A or mail server).Have re-encrypted private key Proxy behind the original secret mail that obtains user A, carry out superencipher, be transmitted to user B in the system through overt channel then.
(6) if certain user receives that the password mail is the one-level privacy enhanced mail in the system, decipher with the decruption key of oneself;
(7) if the secondary privacy enhanced mail, at first checking secondary ciphertext whether is effectively deciphered it again.
The embodiment of the invention also provides a kind of transmission digital signature system based on braid group, and said system comprises:
(1) system parameters generation module is used for requiring to select suitable system parameters according to security of system, and generates the PKG desired parameters according to said system parameters<g
1, G
2, ê, h, H, p, q, P, P
0, s>
(2) user registration module, the registered user, and obtain the corresponding decruption key in user mail address;
(3) email encryption module, calculating mail reception person's PKI generates mail and additional information, encrypts the back and sends;
(4) re-encrypted private key generation module calculates the re-encrypted private key when carrying out superencipher, and sends to the Proxy of half trust;
(5) mail re-encryption and forwarding module are encrypted and are transmitted the secret mail that needs are transmitted;
(6) privacy enhanced mail deciphering module according to the number of times of email encryption, selects different decryption methods that it is deciphered.
The beneficial effect of the technical scheme that the embodiment of the invention provides is:
Be fit to the work mailing system within the sensitive mechanism.PKG can be the Supreme Commander (such as president etc.) of this mechanism, and Proxy can have one (such as mail server), perhaps a plurality of (such as each leader's secretaries).
Description of drawings
Fig. 1 is a kind of privacy enhanced mail retransmission method flow chart based on identity that the embodiment of the invention provides;
Fig. 2 is a kind of privacy enhanced mail forwarding system sketch map based on identity that the embodiment of the invention provides.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, embodiment of the present invention is done to describe in detail further below in conjunction with accompanying drawing.
Referring to Fig. 1, present embodiment provides a kind of privacy enhanced mail retransmission method based on identity, and this method may further comprise the steps:
Step 101: the selective system parameter, the concrete system parameters of selecting is following:
At first, by the generation center of key, promptly PKG selectes work crowd G according to following mode
1And G
2, G
1Certain generator P, and the definition from G
1* G
1To G
2On bilinearity reflect other ê;
(1) select a big prime number p to satisfy p=2 mod 3 and p=6q-1, to certain prime number q.Make that E is by equation y
2=x
3+ 1 is defined in the elliptic curve on the finite field GL (p), makes that P is a q rank element among the E/GL (p), order crowd G
1=<p>, promptly by the module on the elliptic curve of P generation.
(2) make 1 ≠ ζ ∈ GL (p
2) be EQUATION x
3Separate for one of-1=0 mod p, make mapping phi (x, y)=(ζ x, y).Note is E [q] by the crowd that < P, φ (P)>generates.Make G again
2Be GL (p
2) in all rank be that the set that the element of q is formed (can prove this and gather (the p for GL
2) the multiplication subgroup), e:E [q] * E [q] → G
2Be to be defined in E/GL (p
2) on Weil pairing, the Weil that then revises pairing ê is defined as: ê (P, Q)=e (P, φ (Q)).Be prone to card, so the ê of definition satisfies bilinearity, non-degeneracy and computability.
Secondly, PKG is from Z
q *In select master key s at random, and make P
0=[s] P.
Once more, selected following two Hash function: h of PKG and H
(1) h is any crash-resistant Hash function.Consider that the collision of present MD5 and SHA-1 all finds, it is SHA-256 that h is got in suggestion.
(2) H:{0,1}
*→ G
1Be the Map-to-point function, it reflects any identity ID is G
1In certain element, its computational process is following: calculate earlier y=h (ID) mod p, ID is the binary string of expression user identity here; If y=0 or 1 are then added a bit 0 at the back at ID, carry out aforementioned calculation once more, be not equal to 0 up to the y that occurs and also be not equal to till 1.Calculate x=(y again
2-1)
(2p-1)/3Mod p.Make then that H (ID)=(x y) is G
1In the point.
At last, PKG announces<g
1, G
2, ê, h, H, p, q, P, P
0>, system parameters is set and is finished.
Step 102: user's registration, detailed process is:
At first, need the user U of registration, select the addresses of items of mail ID that oneself likes
USend ID through overt channel then
UGive PKG, request registration, and request PKG issues decruption key for it.
Secondly, PKG is at the ID that receives user U
UAfterwards, elder generation confirms the true identity of user U through the mode of the physics of off-line.Then, PKG calculates Q at present
U=H (ID
U), calculate S again
U=[s] Q
U, last again with off-line and be that safe mode is with S
USend to user U.
Step 103: email encryption, detailed process is:
Certain user X outside the interior perhaps system of supposing the system wants to send the secret mail M of an envelope and gives certain user A in the system, and then X at first will obtain the addresses of items of mail ID of A
AThen, X generates secret mail C according to following mode:
(1) X calculates the PKI Q of user A
A=H (ID
A);
(2) X selects a random number D, requires the binary system length L of D to fix here, and can not be too little, and requiring 1/ (2^L) is a negligible quantity, such as getting L=80;
(3) X is connected in series mail M and d, i.e. E=M ‖ D;
(4) X calculates r=h (E) mod q;
(5) X calculates C
1=[r] P, Q=[r] Q
A
(6) X calculates f=ê (P
0, Q) mod q;
(7) X calculates C
2=E
fMod p;
(8) X makes C=(C
1, C
2), and send to user A to C through overt channel.
Step 104: re-encrypted private key generates, and detailed process is:
Certain user A in the supposing the system hopes to issue own secret mail and is transmitted to intrasystem another one user B and goes processing.User A generates re-encrypted private key according to following mode:
(1) A calculates the PKI Q of B
B=H (1D
B);
(2) A selects a random number X;
(3) A calculates r=h (X) mod q;
(4) A calculates R
1=[r] P, Q=[r] Q
B
(5) A calculates f=ê (P
0, Q) mod q;
(6) A calculates R
2=X
fMod p;
(7) A calculates r
x=h (X) mod q;
(8) A calculates R3=[r
x] P-SA;
(9) A ream weight encryption key RK
A2B=(R
1, R
2, R
3), and with RK
A2BSend to half trust authority Proxy (the for example secretary of A or mail server) through safe lane.
Step 105: mail re-encryption and forwarding, detailed process is:
After certain user A in the system opened mail forwarding service, the secret mail of every A of issuing all directly was transmitted to Proxy (the for example secretary of A or mail server).Have re-encrypted private key RK
A2BProxy at original secret mail (the being called the one-level privacy enhanced mail) C=(C that obtains user A
1, C
2) after, carry out following operations:
(1) calculates f=ê (C
1, R
3) mod q;
(2) calculate C
2'=(C
2)
fMod p;
(3) make C '=(C
1, C
2', R
1, R
2) be the secondary privacy enhanced mail, and it is transmitted to user B in the system through overt channel.
Step 106: the deciphering of one-level privacy enhanced mail, detailed process is:
If the secret mail that certain user U receives in the system is the one-level privacy enhanced mail, promptly without the mail C=(C that crosses re-encryption
1, C
2), then carry out following decryption step:
(1) U calculates f=ê (C
1, S
U) mod q, wherein S
UIt is the decruption key of user U oneself;
(2) U calculates E=(C
2)
-f mod qMod p;
(3) U takes out L position, back earlier from E, is designated as D, and all the other are designated as M;
(4) U calculates r=h (E) mod q;
(5) U calculates and checking equality [r] P=C
1Whether set up:, explain that then C is an invalid one-level ciphertext (possibly send distorted in the way or have error of transmission to take place) if be false; Otherwise, explain that C is effective one-level ciphertext, and the corresponding M that calculates is exactly the original e-mail after the effectively deciphering.
Step 107: the deciphering of secondary privacy enhanced mail, detailed process is:
If the secret mail that certain user U receives in the system is the secondary privacy enhanced mail, promptly pass through the mail C=(C of re-encryption
1, C
2', R
1, R
2), then carry out following encrypting step:
(1) calculates f=ê (R
1, S
U) mod q;
(2) calculate X=(R
2)
1/f mod qMod p;
(3) calculate r
x=h (X) mod q;
(4) calculate P '=[r
x] P;
(5) calculate g=ê (C
1, P ') and mod q;
(6) calculate E=(C
2')
gMod p;
(7) from E, take out L position, back earlier, be designated as D, all the other are designated as M;
(8) calculate r=h (E) mod q;
(9) calculate and whether checking equality [r] P=C1 sets up: if be false, then explain C be an invalid secondary ciphertext (possibly send distorted in the way or have error of transmission to take place or re-encryption incorrect); Otherwise, explain that C is effective secondary ciphertext, and the corresponding M that calculates is exactly the original e-mail after the effectively deciphering.
Referring to Fig. 2, present embodiment provides a kind of privacy enhanced mail forwarding system based on identity, comprising:
System parameters generation module 201 is used for requiring to select suitable system parameters according to security of system, and generates the required parameter of PKG (being that private key generates the center) according to said system parameters;
Email encryption module 203, calculating mail reception person's PKI generates mail and additional information, encrypts the back and sends;
Re-encrypted private key generation module 204 calculates the re-encrypted private key when carrying out superencipher, and sends to the Proxy of half trust;
Mail re-encryption and forwarding module 205 are encrypted and are transmitted the secret mail that needs are transmitted;
One-level privacy enhanced mail deciphering module 206 is to deciphering without the privacy enhanced mail of crossing the re-encryption forwarding;
Secondary privacy enhanced mail deciphering module 207 is deciphered the privacy enhanced mail of transmitting through re-encryption.
Wherein, system parameters generation module 201 comprises:
The system parameter selection unit is used for requiring to select suitable system parameters according to security of system.These parameters all are need be disclosed, mainly comprise two work crowd G
1(generator P) and G
2, (definition is from G for bilinear mappings ê
1* G
1To G
2On), crash-resistant Hash function h, Map-to-point function H, big prime number p and q, and the PKI P of PKG
0(the main private key selected cell by following generates);
Main private key selected cell is used for according to said system parameters, selects main private key (being the private key that private key generates center P KG) s, and calculates the PKI P of PKG according to main private key
0Main private key s will maintain secrecy, and the PKI P of PKG
0Then disclose as one of system parameters.
The application for registration unit is used to let the user of needs registration choose at random the addresses of items of mail of oneself liking, and request registration takes place to PKG through overt channel;
The user identity discriminating unit is used to let PKG after the application for registration of receiving the user, and the mode of the physics through off-line is confirmed user's true identity;
The decruption key generation unit, the user lets PKG after the application for registration of confirming the user and corresponding identity, and the addresses of items of mail of selecting according to the user is user's generating solution decryption key;
Decruption key is issued the unit, is used to let decruption key that PKG produced the decruption key generation unit send to the user through the mode of the safety of off-line.
Email encryption module 203 comprises:
The PKI generation unit is used to let user's (be called for short the sender, down with) that desire sends privacy enhanced mail generate corresponding encrypted public key according to mail reception person's's (adhere to the recipient, down with) addresses of items of mail;
The fill factor, curve factor selected cell is used to let the sender according to said system parameters, selects the fill factor, curve factor of the binary string of a regular length as this email encryption at random;
The mail encapsulation unit, the mail that is used to let the sender that desire is encrypted encapsulates with said fill factor, curve factor;
The ciphertext generation unit is used to the mail that lets the sender get up according to said system parameters, said PKI, said encapsulation, generates corresponding ciphertext;
The ciphertext transmitting element, the user lets the sender with said, and ciphertext takes place to the recipient through overt channel.
Re-encrypted private key generation module 204 comprises:
Act on behalf of the PKI computing unit, be used to let and desire authorized user (being the deciphering person of one-level privacy enhanced mail) according to said its PKI that is authorized to user's (being the deciphering person of secondary privacy enhanced mail) of choosing of system parameters calculating;
The re-encrypted private key generation unit is used to let the desire authorized user calculate the mail re-encrypted private key;
The re-encrypted private key generating unit is used to let and desires authorized user said re-encrypted private key is sent to its one and half trusted agents of choosing (for example desiring secretary or the mail server of authorized user etc.) through safe lane.
Mail re-encryption and forwarding module 205 comprise:
Mail re-encryption unit is used to let half trusted agent that the privacy enhanced mail that receives is carried out re-encryption;
Re-encryption mail retransmission unit, the mail after being used to let said half trusted agent with said re-encryption is transmitted to authorized users (being secondary privacy enhanced mail deciphering person) through overt channel.
One-level privacy enhanced mail deciphering module 206 comprises:
One-level decrypt ciphertext unit is used to let the user according to oneself private key, and received one-level privacy enhanced mail is tried deciphering, obtains with the mail of filling expressly;
Authentication unit is used to let mail that the user fills according to said system parameters and said band expressly, verifies the integrality of former privacy enhanced mail;
Mail deblocking unit, be used to let the user according to the said mail that has a filling expressly with said filling mode, isolate fill factor, curve factor and not with the mail plaintext of filling.
Secondary privacy enhanced mail deciphering module 207 comprises:
Secondary decrypt ciphertext unit is used to let the user according to oneself private key, and received secondary privacy enhanced mail is tried deciphering, obtains with the mail of filling expressly;
Authentication unit is used to let mail that the user fills according to said system parameters and said band expressly, the integrality of checking secondary privacy enhanced mail;
Mail deblocking unit, be used to let the user according to the said mail that has a filling expressly with said filling mode, isolate fill factor, curve factor and not with the mail plaintext of filling.
All or part of step in the such scheme can be accomplished through the commands for controlling relevant hardware, and this instruction can be stored in the storage medium, and storage medium is in the hard disk and internal memory like computer or server.
The above is merely preferred embodiment of the present invention, and is in order to restriction the present invention, not all within spirit of the present invention and principle, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (2)
1. privacy enhanced mail retransmission method based on identity is characterized in that said method comprises:
Require the selective system parameter according to security of system, and generate the main private key that private key generates center P KG according to said system parameters; It specifically comprises following steps: at first, require the selective system parameter according to security of system, comprise and select suitable elliptic curve and be defined in the bilinear mappings on this curve; Secondly, select main private key for private key generates center P KG, and calculate corresponding public key; At last, select two hash functions: one is used for any binary string is mapped as the point on the said elliptic curve; Another is any crash-resistant hash function;
According to said system parameters and said main private key, for each registered user generates PKI and private key; It specifically comprises following steps: at first, the user selects the addresses of items of mail of oneself, and proposes application for registration to PKG; Secondly, PKG accepts user's application for registration, confirms user real identification through offline mode, and is user's generating solution decryption key; At last, PKG sends to the user with user's decruption key with the mode of the safety of off-line;
According to said system parameters, said PKI and mail to be sent, generate the one-level privacy enhanced mail; It specifically comprises following steps: at first, according to said system parameters and reception addresses of items of mail, generate encrypted public key; Secondly, according to said system parameters, fill at random desiring privacy enhanced mail; Once more, according to the mail after said system parameters, said PKI, the said filling, generate the one-level privacy enhanced mail; At last, said one-level privacy enhanced mail is sent to the recipient through overt channel;
According to said system parameters and the private key of desiring authorized user, be authorized to user's PKI, generate re-encrypted private key; It specifically comprises following steps: at first, desire authorized user according to said system parameters and the addresses of items of mail that is authorized to the user, generate the PKI that is authorized to the user; Secondly, desiring authorized user according to said system parameters and oneself private key and the said PKI that is authorized to the user, is that half trusted agent generates re-encrypted private key; At last, desire authorized user said re-encrypted private key is sent to half trusted agent through safe lane;
According to said one-level privacy enhanced mail and said re-encrypted private key, generate the secondary privacy enhanced mail; It specifically comprises following steps: at first, according to said system parameters, said one-level privacy enhanced mail and said re-encrypted private key, generate the secondary privacy enhanced mail; Secondly, said secondary privacy enhanced mail is transmitted to through overt channel is authorized to the user;
According to the private key and said one-level or the secondary privacy enhanced mail that generate for the registered user, decipher respectively; It specifically comprises following steps: at first, divide into one-level or secondary privacy enhanced mail according to the architectural feature of said privacy enhanced mail; Secondly,, try deciphering, obtain having the mail plaintext of filling at random according to said system parameters, said one-level or secondary privacy enhanced mail and mail reception person's private key; Once more, according to said system parameters and the said mail plaintext that has filling, the integrality of checking one-level or secondary privacy enhanced mail; At last, isolate fill factor, curve factor and not expressly according to said system parameters, filling mode with the mail of filling.
2. the privacy enhanced mail forwarding system based on identity is characterized in that, said system comprises:
The system parameters generation module is used for requiring to select suitable system parameters according to security of system, and generation is that private key generates the required parameter of center P KG according to said system; Said system parameters generation module specifically comprises: the system parameter selection unit is used for requiring to select suitable system parameters according to security of system; Main private key selected cell is used for according to said system parameters, selects the main private key of PKG;
User registration module is used to let the user register, and obtains the corresponding private key in user mail address; Said user registration module specifically comprises: the application for registration unit is used to let the user select the addresses of items of mail of oneself, and carries out application for registration; The user identity discriminating unit is used to let PKG verify user's true identity; The decruption key generation unit, the user lets PKG after the identity of confirming the user, is user's generating solution decryption key; Decruption key is issued the unit, is used to let PKG that user's decruption key is sent to the user through safe lane;
The email encryption module is used to let e-mail sending generate encrypted public key and corresponding privacy enhanced mail according to recipient's addresses of items of mail; Said email encryption module specifically comprises: the PKI generation unit is used for generating corresponding encrypted public key according to addresses of items of mail; The fill factor, curve factor selected cell is used to select the fill factor, curve factor of this email encryption; The mail encapsulation unit, the mail that is used for desire is encrypted encapsulates with said fill factor, curve factor; The ciphertext generation unit is used for the mail that gets up according to said system parameters, said PKI, said encapsulation, generates the respective encrypted mail; The ciphertext transmitting element is used for said privacy enhanced mail is sent to the recipient through overt channel;
The re-encrypted private key generation module is used to let and desires the private key of authorized user basis oneself and be authorized to the corresponding re-encrypted private key of user mail address computation; Said re-encrypted private key generation module specifically comprises: act on behalf of the PKI computing unit, be used for calculating its PKI that is authorized to the user of choosing according to said system parameters; The re-encrypted private key generation unit is used to calculate re-encrypted private key; The re-encrypted private key generating unit is used for said re-encrypted private key is sent to half trusted agent through safe lane;
Mail re-encryption and forwarding module are used to let half trusted agent generate the secondary privacy enhanced mail according to one-level privacy enhanced mail and said re-encrypted private key, and are transmitted to and are authorized to the user; Said mail re-encryption and forwarding module specifically comprise: mail re-encryption unit is used for the privacy enhanced mail that receives is carried out re-encryption; Re-encryption mail retransmission unit is used for the mail after the said re-encryption is transmitted to authorized users through overt channel;
One-level privacy enhanced mail deciphering module is used to let the recipient of mail decipher the one-level privacy enhanced mail according to the private key of oneself; Said one-level privacy enhanced mail is deciphered concrete module and is comprised: one-level decrypt ciphertext unit, be used for received one-level privacy enhanced mail is tried deciphering, and obtain mail plaintext with filling;
Authentication unit is used for the mail plaintext according to said system parameters and the filling of said band, verifies the integrality of former privacy enhanced mail; Mail deblocking unit, be used for according to the said mail that has a filling expressly with said filling mode, isolate fill factor, curve factor and not with the mail plaintext of filling;
Secondary privacy enhanced mail deciphering module is used to let the recipient of mail decipher the secondary privacy enhanced mail according to the private key of oneself; Said secondary privacy enhanced mail deciphering module specifically comprises: secondary decrypt ciphertext unit, be used for received secondary privacy enhanced mail is tried deciphering, and obtain mail plaintext with filling;
Authentication unit is used for the mail plaintext according to said system parameters and the filling of said band, the integrality of checking secondary privacy enhanced mail; Mail deblocking unit is used for according to the said mail that has a filling expressly and filling mode, isolate fill factor, curve factor with not with the mail plaintext of filling.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100006967A CN101710879B (en) | 2009-01-14 | 2009-01-14 | Novel identity-based privacy enhanced mail forwarding system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100006967A CN101710879B (en) | 2009-01-14 | 2009-01-14 | Novel identity-based privacy enhanced mail forwarding system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101710879A CN101710879A (en) | 2010-05-19 |
| CN101710879B true CN101710879B (en) | 2012-05-02 |
Family
ID=42403640
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100006967A Expired - Fee Related CN101710879B (en) | 2009-01-14 | 2009-01-14 | Novel identity-based privacy enhanced mail forwarding system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101710879B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404121B (en) * | 2011-11-30 | 2014-03-12 | 华为技术有限公司 | Method, device and system for processing cipher text |
| CN103384233B (en) | 2012-05-02 | 2017-06-20 | 华为技术有限公司 | A kind of methods, devices and systems for acting on behalf of conversion |
| CN103095462B (en) * | 2013-01-24 | 2015-10-28 | 中国科学院软件研究所 | Based on the data broadcast distribution guard method acting on behalf of re-encryption and safety chip |
| CN104639319B (en) * | 2013-11-10 | 2019-04-23 | 航天信息股份有限公司 | The proxy re-encryption method and system of identity-based |
| CN105187303B (en) * | 2015-10-27 | 2018-06-29 | 湖北工业大学 | The safety of electronic mail repeater system and method for a kind of anti-reverse-engineering |
| CN107360181A (en) * | 2017-08-02 | 2017-11-17 | 成都蓝码科技发展有限公司 | A kind of data encryption system and method based on id password |
| CN109450631A (en) * | 2018-12-27 | 2019-03-08 | 石更箭数据科技(上海)有限公司 | Key generation device and management system, data processing equipment, data transacting system |
| CN111368317B (en) * | 2020-03-04 | 2021-03-19 | 江苏经贸职业技术学院 | Computer data encryption system and method |
| CN113824702B (en) * | 2021-09-02 | 2024-02-02 | 积至(海南)信息技术有限公司 | Mail system based on IBE identity authentication technology |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083524A (en) * | 2007-06-14 | 2007-12-05 | 腾讯科技(深圳)有限公司 | Method and system for encrypting and deciphering E-mail |
-
2009
- 2009-01-14 CN CN2009100006967A patent/CN101710879B/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083524A (en) * | 2007-06-14 | 2007-12-05 | 腾讯科技(深圳)有限公司 | Method and system for encrypting and deciphering E-mail |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101710879A (en) | 2010-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101710879B (en) | Novel identity-based privacy enhanced mail forwarding system | |
| CN109246096B (en) | Multifunctional fine-grained access control method suitable for cloud storage | |
| CN105743646B (en) | A kind of Identity based encryption method and system | |
| JP3548215B2 (en) | Communication method and system | |
| CN102624522A (en) | Key encryption method based on file attribution | |
| CN103647642A (en) | Certificate-based agent heavy encryption method and system | |
| CN105933345B (en) | It is a kind of that outsourcing attribute base encryption method can verify that based on linear privacy sharing | |
| JP6115573B2 (en) | Cryptographic system, data storage system, and apparatus and method used therefor | |
| CN107086912B (en) | Ciphertext conversion method, decryption method and system in heterogeneous storage system | |
| JP5047638B2 (en) | Ciphertext decryption right delegation system | |
| CN110120939A (en) | A kind of encryption method and system of the deniable authentication based on heterogeneous system | |
| JP5298394B2 (en) | Dual-function ID-based encryption method and encryption system | |
| CN109873699A (en) | A kind of voidable identity public key encryption method | |
| CN110113150A (en) | The encryption method and system of deniable authentication based on no certificate environment | |
| CN103297230B (en) | Information encipher-decipher method, Apparatus and system | |
| JP2011055309A (en) | Id-based encryption method with double function and encryption system | |
| Reshma et al. | Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications | |
| JPH04347949A (en) | Cipher communicating method and cipher communicating system | |
| JP5135070B2 (en) | Ciphertext decryption authority delegation system | |
| CN104301327A (en) | Privacy protection system and method used for P2P social network and based on broadcast encryption | |
| Weber | A hybrid attribute-based encryption technique supporting expressive policies and dynamic attributes | |
| CN102195782A (en) | Two-way identity authentication method with integration of identity and password for mailing system | |
| Azaim et al. | Design and implementation of encrypted SMS on Android smartphone combining ECDSA-ECDH and AES | |
| Seo et al. | Zigbee security for visitors in home automation using attribute based proxy re-encryption | |
| JP2009065226A (en) | Authenticated key exchange system, authenticated key exchange method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120502 Termination date: 20140114 |